Ubuntu Security Notice 6656-2 - USN-6656-1 fixed several vulnerabilities in PostgreSQL. This update provides the corresponding updates for Ubuntu 16.04 LTS It was discovered that PostgreSQL incorrectly handled dropping privileges when handling REFRESH MATERIALIZED VIEW CONCURRENTLY commands. If a user or automatic system were tricked into running a specially crafted command, a remote attacker could possibly use this issue to execute arbitrary SQL functions.
f45b11c7e2648a6365c7c0c4a04b1f4fe6c6106dd3b6d76e794be3a2d298a00aUbuntu Security Notice 6689-1 - It was discovered that Rack incorrectly parse some headers. An attacker could possibly use this issue to cause a denial of service.
181f1f7f4d6954f69249e0e6a3f58ba172952686bbf375b6655f6255942c39b3Ubuntu Security Notice 6690-1 - Timothy Redaelli and Haresh Khandelwal discovered that Open vSwitch incorrectly handled certain crafted Geneve packets when hardware offloading via the netlink path is enabled. A remote attacker could possibly use this issue to cause Open vSwitch to crash, leading to a denial of service. It was discovered that Open vSwitch incorrectly handled certain ICMPv6 Neighbor Advertisement packets. A remote attacker could possibly use this issue to redirect traffic to arbitrary IP addresses.
c48aa2b70b96e75c736131cbd6e784fb35739c48c114c1dc28b66d826cb192edUbuntu Security Notice 6688-1 - Pratyush Yadav discovered that the Xen network backend implementation in the Linux kernel did not properly handle zero length data request, leading to a null pointer dereference vulnerability. An attacker in a guest VM could possibly use this to cause a denial of service. It was discovered that the Habana's AI Processors driver in the Linux kernel did not properly initialize certain data structures before passing them to user space. A local attacker could use this to expose sensitive information.
14e46adfe602e3381472cca2694960e60b4f66b2adf1e14c5cefabbd3a423e8cUbuntu Security Notice 6681-2 - Wenqing Liu discovered that the f2fs file system implementation in the Linux kernel did not properly validate inode types while performing garbage collection. An attacker could use this to construct a malicious f2fs image that, when mounted and operated on, could cause a denial of service. It was discovered that the DesignWare USB3 for Qualcomm SoCs driver in the Linux kernel did not properly handle certain error conditions during device registration. A local attacker could possibly use this to cause a denial of service.
497cdba15e2474c05f61de47875a39a3f760923ca11ee79f7167211274bac41cUbuntu Security Notice 6658-2 - USN-6658-1 fixed a vulnerability in libxml2. This update provides the corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS. It was discovered that libxml2 incorrectly handled certain XML documents. A remote attacker could possibly use this issue to cause libxml2 to crash, resulting in a denial of service, or possibly execute arbitrary code.
2a750c69f6b035fa2c99f3825916f5c17d092b9f9cd726a59615137e53c334daNorthStar C2 agent version 1.0 applies insufficient sanitization on agent registration routes, allowing an unauthenticated attacker to send multiple malicious agent registration requests to the teamserver to incrementally build a functioning javascript payload in the logs web page. This cross site scripting payload can be leveraged to execute commands on NorthStar C2 agents.
e3d03b1bb5d42cd9ee527169a57dc6bfa52c6c6b50d4e1a990a6c9443e01b3b1Red Hat Security Advisory 2024-1270-03 - An update for docker is now available for Red Hat Enterprise Linux 7 Extras.
2036f840f1181bee598bcb0a04303156535c327e7791c9fce8936c9985014048Red Hat Security Advisory 2024-1269-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
0dca2b95d83f2e06fcd70d43d60fe031ceb4425e7cba49254273efdce77b6b5fRed Hat Security Advisory 2024-1268-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions, and Red Hat Enterprise Linux 8.2 Telecommunications Update Service. Issues addressed include null pointer, out of bounds write, and use-after-free vulnerabilities.
a345f643b8091f2ef476dc55be42211ec4686a71622f968e79555da9a6b7b6f0Red Hat Security Advisory 2024-1253-03 - An update for kpatch-patch-5_14_0-70_64_1, kpatch-patch-5_14_0-70_70_1, kpatch-patch-5_14_0-70_75_1, kpatch-patch-5_14_0-70_80_1, and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include privilege escalation and use-after-free vulnerabilities.
617ece46c41b05791b1be764d0835032147659b14ce52b66d5869faff9182db3Red Hat Security Advisory 2024-1251-03 - An update for kpatch-patch-5_14_0-362_13_1, kpatch-patch-5_14_0-362_18_1, and kpatch-patch-5_14_0-362_8_1 is now available for Red Hat Enterprise Linux 9.
33eaeaf4d2ff76f66df7e43e1e9f8e3ffe605cce7bfa0653ec87d936fc17be23Red Hat Security Advisory 2024-1250-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Issues addressed include memory exhaustion, null pointer, out of bounds access, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
1a8fb1156681ea9fffde120cc80c4918fc32db13b323665272dc5e45827f8bb9Red Hat Security Advisory 2024-1249-03 - An update for kernel is now available for Red Hat Enterprise Linux 7. Issues addressed include a use-after-free vulnerability.
9a00ee476e03d2f43da0c6966b2d73fa610f76843974de7d3d16950948e41e11Red Hat Security Advisory 2024-1248-03 - An update for kernel is now available for Red Hat Enterprise Linux 9. Issues addressed include null pointer, out of bounds access, out of bounds read, out of bounds write, privilege escalation, and use-after-free vulnerabilities.
e8cee96a94ad07c9429b0bfe0fc3b41b26d6aecb31ef509f3a03f7021e1d0f40Red Hat Security Advisory 2024-1244-03 - An update for rhc-worker-script is now available for Red Hat Enterprise Linux 7. Issues addressed include a denial of service vulnerability.
479c61ab5118a47bf1cdbb9dcdebb20f54468e590079986493f3ddab93629463Red Hat Security Advisory 2024-1241-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.2 Extended Update Support.
81d2e122dc4f561137a9b81b946b42b852b49443e32cf555393ddaa2ef23712cRed Hat Security Advisory 2024-1240-03 - An update for postgresql is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
6b964382136a6cad5b64f9d306d6ae21eafe4cae72e58a1b42de308fd2dea2d7Human Resource Management System version 1.0 suffers from a remote SQL injection vulnerability. Original discovery of SQL injection in this version is attributed to Abdulhakim Oner in March of 2023.
fe2afefb91ff4eaa074c0f4b68fb13bdd541d5861e3a3b9d46706cb51d0cc9e0
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed